The Threatening Malware Landscape

The Next@Norton security conference opened with a historical view of computer invasions to help us understand the growing need for computer security applications. Originally, attacks focused on one person, but the threats quickly became more advanced. Now hackers want to control the machine for a long period of time, not just get in, mess with your head, and get out. To do so, they are even sneaking into the master boot record.

Just two days before reports of the latest breach – Citibank – hit the newsstands, Symantec was giving us the scoop on malware. "Mal" comes from the Latin prefix meaning bad or evil; "ware" is a reference to software. Malware is designed to cause, at the least, annoyance or disruption and, at the worst, destruction.

Pat Gardner gives talk on security during Next@Norton

To illustrate his point, after explaining how threats have proliferated, Pat Gardner, Senior Director of Development from Symantec, picked some of what he called "interesting" threats. His topic, "Defending Against Tomorrow's Innovative Malware," covered how malware can be a danger not only to your computer and mobile devices, but to a country's infrastructure. Reassuringly, he showed how Norton's Security team is working hard to stay ahead of the criminals. Symantec is proud of STAR – their Security Technology and Response program.

Why is malware becoming more ubiquitous? Gardner said that Java has made life easier for hackers. It lets them write code once and easily proliferate it by running the code through crypters. It can be thought of as one-size-fits-all. Java spans all platforms and operating systems. Apple is beginning to take notice of that fact. MacDefender has hit the streets, or should we say hit the sacred, once thought to be impervious, Mac.

Buying the MacDefender application will not only make your Mac vulnerable to attacks, it will also mean your money is being sent to Russia, alongside your credit card information

Gardner pointed out that a lot of malware is constructed to look like the real thing and often does have beneficial features. MacDefender is a fake anti-virus (AV) package that has the look and feel of a true Mac product. It even pops up warnings of so-called viruses it has found on your computer. Gardner estimated that it would have taken four or five months for a team to develop it. He said there is real money behind such effort.

MacDefender forwards users to attack sites, where your registration money goes to Russia, and probably your credit card information too. The monetizing of threats has created a flood of malevolents. There is money to be made; hacking is not just a game anymore. It's a business. Remember Heathkits? Well, a market is out there offering Java-only attack kits. Crypter kits have made it easy to mass mutate malware.

There are various kinds of threats to your computer's health and your privacy. Let's define a few in simple terms. A virus usually is attached to an executable (.exe) file. Viruses can damage your hardware, software, files, or all three. The virus spreads from computer to computer as you share files or email attachments, similar to passing germs by sharing a cup of coffee [no Java pun intended].

A worm replicates itself and travels on its own. Trojan horses are destructive programs that appear to be legitimate. They come in several flavors that may destroy programs or data on your computer. A bot or zombie computer is one that has been compromised and is controllable by a remote entity. Think ro-bot, a remotely controlled machine that does, without question, what its maker directs (forget HAL for this discussion). Jnanabot in Fall 2010 was a bot-based, Java-scripted Trojan that would stop the wscsvc Windows security service and record your keystrokes, sending the information to a remote server. Did I hear someone think "my credit card numbers"? This bad boy posts malicious links to users' social network accounts.

A remote access or remote administrator trojan (RAT) is a bot controller, but described as more user friendly. Gardner called BlackHole RAT an equal opportunity threat because it went for both Mac OS and Windows machines. In this case, the attacker controls your machine. It may log keystrokes and pop up a request for your administrator password that looks just like a Mac prompt. Your response goes back to the controlling computer, giving some unknown someone access to data on your computer.

You might become infected from pirated software – shame on you anyway if that is the case – or from an email attachment. Common sense says to keep your anti-virus software up to date and not to download programs or open attachments that aren't from a source you trust.

Unlike rumors that Stuxnet was built to specifically target the Iranian nuclear program, reality was that Stuxnet attacked industrial complexes worldwide and caused a serious threat

Eventually a beyond-personal threat evolved. You could classify it as terrorism or cyber-terrorism. This complex threat was known as Stuxnet. For the first time ever, industrial control system hardware was infected. More about that in a future article.